If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

freerainbowtables.com

I just wanted to let everyone know about freerainbowtables.com Its pretty sweet if you register you can help make rainbow tables and for all the parts you complete you get credits. Right now they have about 1200ghz of computing power :-) Ive been helping out the past couple of days I have a q6600 @ ~2.51 ghz so it runs 4 processes that generate the tables (1 for each cpu) and I am essentially generating them at 10ghz. Anyways check em out :-)

They are not freely available to the 'criminal and skiddie communities' as you put it - but rather they are free to anyone who needs them. Plus the software to generate your own is freely available anyway, likewise it is possible to freely download your own ready made tables...

Nonsense! if you have obtained the password hash then the system has been penetrated.

password auditing

Now that really is pathetic! this is the kind of snake oil I would expect from wannabe "security consultants".

It might have occurred to some here that if you "discover a weak password" you have just closed the stable door after the horse has bolted.......... you are already compromised............and you don't need to be a rocket scientist to figure that one out?

If you actually believe in passwords, other than as a means of allocating blame, you would set a policy and enforce it on password generation. You would know that your system enforced your policy, and that auditing it, is a totally spurious exercise.

learning

Ummm, yes, well......................

"Learning" what exactly?

They are not freely available to the 'criminal and skiddie communities' as you put it - but rather they are free to anyone who needs them.

Which, by definition, includes the criminal and skiddie communities.

And I would dearly love to know who, with honest intentions, actually "needs them"?

I have actually extracted the hashes off a computer for a customer before because they wanted me to preserve their password instead of change their password on a XP machine

Well, I wouldn't do that.............. over here "aiding and abetting" is a felony rap.

The only reason someone would want that is to commit a crime. If they know their password then they don't need you, and if they don't want it reset then it is because they don't want the true owner alerted to the fact that they have accessed the machine.

And the other time Ive needed them I ran an audit on forums that I used to run to make sure all our members with special access were using secure passwords.

Too little too late my friend Security needs to be proactive not reactive?

For that reason I have always found IDS a strange concept. I don't want to know that someone has broken into my machine............ I want to know that an attempt was made, and that it was prevented.